Top Mathematics discussions

NishMath - #Cryptography

@martinescardo.github.io //
The mathematics community is buzzing with activity, including upcoming online events and ongoing discussions about research methodologies. A significant event to watch for is the online celebration marking the 40th anniversary of Elliptic Curve Cryptography (ECC) on August 11, 2025. This event will commemorate the foundational work of Victor Miller and Neal Koblitz in 1985. It is anticipated to be a very important event for the cryptography community and for those who work with elliptic curves.

The ECC celebration will feature personal reflections from Miller and Koblitz, alongside lectures by Dan Boneh and Kristin Lauter, who will explore ECC's broad impact on cryptography and its unforeseen applications. The history of ECC is used as a good example of how fundamental research can lead to unexpected and practical outcomes, which makes it a good way to promote blue-skies research.

In other news, mathematicians are actively discussing the use of formal methods in their research. One Mathstodon user described using LaTeX and Agda in TypeTopology for writing papers and formalizing mathematical remarks. They found that formalizing remarks in a paper could reveal errors in thinking and improve results, even in meta-mathematical methodology. This shows how computational tools are increasingly being used to verify and explore mathematical ideas, highlighting the practical utility of pure math skills in applied contexts.

Recommended read:
References :

@www.microsoft.com //
Microsoft is undertaking a significant modernization effort of its SymCrypt cryptographic library by rewriting key components in the Rust programming language. This strategic move aims to bolster memory safety and provide enhanced defenses against sophisticated side-channel attacks. The decision to use Rust is driven by its ability to enable formal verification, ensuring that cryptographic implementations behave as intended and remain secure against potential vulnerabilities, an essential component of robust security. This modernization also ensures the library can maintain backward compatibility through a Rust-to-C compiler.

This initiative is particularly focused on the implementation of elliptic curve cryptography (ECC), a vital cryptographic algorithm used to secure Web3 applications and other sensitive systems. ECC offers a modern approach to asymmetric key cryptography, providing comparable security to older methods like RSA but with significantly smaller key sizes. This efficiency is crucial for resource-constrained devices such as mobile phones and IoT devices, enabling faster encryption and decryption processes while maintaining high levels of security against cryptanalytic attacks, providing a strong foundation for secure digital interactions.

The project involves incorporating formal verification methods using tools like Aeneas, developed by Microsoft Azure Research and Inria, allowing the mathematical verification of program properties. This process confirms that code will always satisfy given properties, regardless of input, thereby preventing attacks stemming from flawed implementations. Furthermore, the team plans to analyze compiled code to detect side-channel leaks caused by timing or hardware-level behavior, ensuring a comprehensive defense against a wide range of threats, solidifying Microsoft's commitment to providing cutting-edge security solutions.

Recommended read:
References :
  • medium.com: ECC and Web3 Cryptography as well as its threats.
  • www.microsoft.com: Rewriting SymCrypt in Rust to modernize Microsoft’s cryptographic library

@medium.com //
References: medium.com, medium.com, medium.com ...
Medium is currently hosting a series of articles that delve into the core concepts and practical applications of cryptography. These articles aim to demystify complex topics such as symmetric key cryptography, also known as secret key or private key cryptography, where a single shared key is used for both encryption and decryption. This method is highlighted for its speed and efficiency, making it suitable for bulk data encryption, though it primarily provides confidentiality and requires secure key distribution. The resources available are designed to cater to individuals with varying levels of expertise, offering accessible guides to enhance their understanding of secure communication and cryptographic systems.

The published materials offer detailed explorations of cryptographic techniques, including AES-256 encryption and decryption. AES-256, which stands for Advanced Encryption Standard with a 256-bit key size, is a symmetric encryption algorithm renowned for its high level of security. Articles break down the internal mechanics of AES-256, explaining the rounds of transformation and key expansion involved in the encryption process. These explanations are presented in both technical terms for those with a deeper understanding and in layman's terms to make the concepts accessible to a broader audience.

In addition to theoretical explanations, the Medium articles also showcase the practical applications of cryptography. One example provided is the combination of OSINT (Open Source Intelligence), web, crypto, and forensics techniques in CTF (Capture The Flag) challenges. These challenges offer hands-on experience in applying cryptographic principles to real-world scenarios, such as identifying the final resting place of historical figures through OSINT techniques. The series underscores the importance of mastering cryptography in the evolving landscape of cybersecurity, equipping readers with the knowledge to secure digital communications and protect sensitive information.

Recommended read:
References :
  • medium.com: Understanding AES-256 Encryption and Decryption: A Detailed Guide for All Levels
  • medium.com: Understanding Cryptography: The Art of Secure Communication
  • mraviteja9949.medium.com: Symmetric Key Cryptography
  • medium.com: Zero-knowledge proofs (ZKPs) let a saver prove that funds follow a rule — such as “stay locked for six months” — without showing the 
  • medium.com: Article on how cryptographic hash functions actually work.
  • medium.com: Quantum-Resistant Cryptography: Preparing Your Code for Post-Quantum Era
  • medium.com: News story about Demystifying ECC, Web3 Cryptography and Their Evolving Threats
  • medium.com: Hello everyone! I’m a pen tester and today we will discuss about cryptography.
  • renanikeda.medium.com: The Diffie-Hellman Key Exchange is one of the most interesting mathematical techniques to guarantee that both parties share the same…
  • medium.com: Dissecting Cryptography: From the Elliptic Curve (ECC) to the Web3 Era

@www.iansresearch.com //
The increasing capabilities of quantum computers are posing a significant threat to current encryption methods, potentially jeopardizing the security of digital assets and the Internet of Things. Researchers at Google Quantum AI are urging software developers and encryption experts to accelerate the implementation of next-generation cryptography, anticipating that quantum computers will soon be able to break widely used encryption standards like RSA. This urgency is fueled by new estimates suggesting that breaking RSA encryption may be far easier than previously believed, with a quantum computer containing approximately 1 million qubits potentially capable of cracking it. Experts recommend that vulnerable systems should be deprecated after 2030 and disallowed after 2035.

Last week, Craig Gidney from Google Quantum AI published research that significantly lowers the estimated quantum resources needed to break RSA-2048. Where previous estimates projected that cracking RSA-2048 would require around 20 million qubits and 8 hours of computation, the new analysis reveals that it could be done in under a week using fewer than 1 million noisy qubits. This more than 95% reduction in hardware requirements is a seismic shift in the projected timeline for "Q-Day," the hypothetical moment when quantum computers can break modern encryption.

RSA encryption, used in secure web browsing, email encryption, VPNs, and blockchain systems, relies on the difficulty of factoring large numbers into their prime components. Quantum computers, leveraging Shor's algorithm, can exponentially accelerate this process. Recent innovations, including Approximate Residue Arithmetic, Magic State Cultivation, Optimized Period Finding with Ekerå-Håstad Algorithms, and Yoked Surface Codes & Sparse Lookups, have collectively reduced the physical qubit requirement to under 1 million and allow the algorithm to complete in less than 7 days.

Recommended read:
References :
  • medium.com: Cracking RSA with Fewer Qubits: What Google’s New Quantum Factoring Estimate Means for…
  • Security Latest: See How Much Faster a Quantum Computer Will Crack Encryption
  • www.techradar.com: Breaking encryption with quantum computers may be easier than we thought
  • Tenable Blog: Cybersecurity Snapshot: Experts Issue Best Practices for Migrating to Post-Quantum Cryptography and for Improving Orgs’ Cyber Culture
  • quantumcomputingreport.com: Carahsoft and QuSecure Partner to Expand Public Sector Access to Post-Quantum Cybersecurity Solutions
  • www.quantamagazine.org: New Quantum Algorithm Factors Numbers With One Qubit
  • Quanta Magazine: New Quantum Algorithm Factors Numbers With One Qubit
  • quantumcomputingreport.com: Alice & Bob has integrated NVIDIA’s CUDA-Q quantum development platform into its open-source Dynamiqs simulation library.
  • quantumcomputingreport.com: Commvault has expanded its post-quantum cryptography (PQC) framework by adding support for the Hamming Quasi-Cyclic (HQC) algorithm, recently selected by the National Institute of Standards and Technology (NIST) as a backup key encapsulation mechanism (KEM) standard alongside ML-KEM (CRYSTALS-Kyber).

@medium.com //
Google Quantum AI has published a study that dramatically lowers the estimated quantum resources needed to break RSA-2048, one of the most widely used encryption standards. The study, authored by Craig Gidney, indicates that RSA cracking may be possible with fewer qubits than previously estimated, potentially impacting digital security protocols used in secure web browsing, email encryption, VPNs, and blockchain systems. This breakthrough could significantly accelerate the timeline for "Q-Day," the point at which quantum computers can break modern encryption.

Previous estimates, including Gidney's 2019 study, suggested that cracking RSA-2048 would require around 20 million qubits and 8 hours of computation. However, the new analysis reveals it could be done in under a week using fewer than 1 million noisy qubits. This reduction in hardware requirements is attributed to several technical innovations, including approximate residue arithmetic, magic state cultivation, optimized period finding with Ekerå-Håstad algorithms, and yoked surface codes & sparse lookups. These improvements minimize the overhead in fault-tolerant quantum circuits, enabling better scaling.

Google's researchers have discovered that, thanks to new error correction tricks and smarter algorithms, the encryption could be broken with under 1 million qubits and in less than a week, given favorable assumptions like a 0.1% gate error rate and a 1-microsecond gate time. This significantly faster encryption breaking capability, potentially 20x faster than previously anticipated, raises concerns about the security of Bitcoin wallets and other financial systems that rely on RSA encryption. The findings could potentially make Bitcoin wallets and financial systems vulnerable much sooner than expected.

Recommended read:
References :
  • medium.com: Last week, Craig Gidney from Google Quantum AI published a breakthrough study that redefines the landscape of cryptographic security. His 
  • www.theguardian.com: Google working on AI email tool that can ‘answer in your style’
  • The Official Google Blog: We’re investing for a cleaner energy future with TAE Technologies, a leading nuclear fusion company.
  • medium.com: Google’s quantum leap just changed everything: They can now break encryption 20x faster than 

@medium.com //
The Post-Quantum Cryptography Coalition (PQCC) has recently published a comprehensive roadmap designed to assist organizations in transitioning from traditional cryptographic systems to quantum-resistant alternatives. This strategic initiative comes as quantum computing capabilities rapidly advance, posing a significant threat to existing data security measures. The roadmap emphasizes the importance of proactive planning to mitigate long-term risks associated with cryptographically relevant quantum computers. It is structured into four key implementation categories: Preparation, Baseline Understanding, Planning and Execution, and Monitoring and Evaluation.

The roadmap offers detailed steps for organizations to customize their adoption strategies, regardless of size or sector. Activities include inventorying cryptographic assets, assigning migration leads, prioritizing systems for upgrades, and aligning stakeholders across technical and operational domains. Furthermore, it underscores the urgency of Post-Quantum Cryptography (PQC) adoption, particularly for entities managing long-lived or sensitive data vulnerable to "harvest now, decrypt later" attacks. Guidance is also provided on vendor engagement, creating a cryptographic bill of materials (CBOM), and integrating cryptographic agility into procurement and system updates.

In related advancements, research is focusing on enhancing the efficiency of post-quantum cryptographic algorithms through hardware implementations. A new study proposes a Modular Tiled Toeplitz Matrix-Vector Polynomial Multiplication (MT-TMVP) method for lattice-based PQC algorithms, specifically designed for Field Programmable Gate Arrays (FPGAs). This approach significantly reduces resource utilization and improves the Area-Delay Product (ADP) compared to existing polynomial multipliers. By leveraging Block RAM (BRAM), the architecture also offers enhanced robustness against timing-based Side-Channel Attacks (SCAs), making it a modular and scalable solution for varying polynomial degrees. Alongside this hardware work, practical guidance on hybrid cryptographic models covers implementing post-quantum cryptography with hybrid schemes for TLS, PKI, and identity infrastructure.

Recommended read:
References :
  • IACR News: MT-TMVP: Modular Tiled TMVP-based Polynomial Multiplication for Post-Quantum Cryptography on FPGAs
  • quantumcomputingreport.com: Post-Quantum Cryptography Coalition (PQCC) Publishes Comprehensive Roadmap for Post-Quantum Cryptography Migration
  • medium.com: In a major leap forward for global cybersecurity, Colt Technology Services, Honeywell, and Nokia have announced a joint effort to trial…
  • quantumcomputingreport.com: Carahsoft and QuSecure Partner to Expand Public Sector Access to Post-Quantum Cybersecurity Solutions

@quantumcomputingreport.com //
References: medium.com, medium.com, medium.com ...
The rapid advancement of quantum computing poses a significant threat to current encryption methods, particularly RSA, which secures much of today's internet communication. Google's recent breakthroughs have redefined the landscape of cryptographic security, with researchers like Craig Gidney significantly lowering the estimated quantum resources needed to break RSA-2048. A new study indicates that RSA-2048 could be cracked in under a week using fewer than 1 million noisy qubits, a dramatic reduction from previous estimates of around 20 million qubits and eight hours of computation. This shift accelerates the timeline for "Q-Day," the hypothetical moment when quantum computers can break modern encryption, impacting everything from email to financial transactions.

This vulnerability stems from the ability of quantum computers to utilize Shor's algorithm for factoring large numbers, a task prohibitively difficult for classical computers. Google's innovation involves several technical advancements, including approximate residue arithmetic, magic state cultivation, optimized period finding with Ekerå-Håstad algorithms, and yoked surface codes with sparse lookups. These improvements streamline modular arithmetic, reduce the depth of quantum circuits, and minimize overhead in fault-tolerant quantum circuits, collectively reducing the physical qubit requirement to under 1 million while maintaining a relatively short computation time.

In response to this threat, post-quantum cryptography (PQC) is gaining momentum. PQC refers to cryptographic algorithms designed to be secure against both classical and quantum attacks. NIST has already announced the first set of quantum-safe algorithms for standardization, including FrodoKEM, a key encapsulation protocol offering a simple design and strong security guarantees. The urgency of transitioning to quantum-resistant cryptographic systems is underscored by ongoing advances in quantum computing. While the digital world relies on encryption, advances in AI and quantum computing are challenging that security. Professionals who understand both cybersecurity and artificial intelligence will be the leaders in adapting to these challenges.

Recommended read:
References :
  • medium.com: Should Post-Quantum Cryptography Start Now? The Clock Is Ticking
  • medium.com: Google’s quantum leap just changed everything: They can now break encryption 20x faster than…
  • quantumcomputingreport.com: Significant Theoretical Advancement in Factoring 2048 Bit RSA Integers
  • medium.com: Last week, Craig Gidney from Google Quantum AI published a breakthrough study that redefines the landscape of cryptographic security.
  • www.microsoft.com: The recent advances in quantum computing offer many advantages—but also challenge current cryptographic strategies. Learn how FrodoKEM could help strengthen security, even in a future with powerful quantum computers.
  • medium.com: Securing the Internet of Things: Why Post-Quantum Cryptography Is Critical for IoT’s Future
  • medium.com: Quantum Resilience Starts Now: Building Secure Infrastructure with Hybrid Cryptography
  • medium.com: Quantum-Resistant Cryptography: Preparing Your Code for Post-Quantum Era

@www.microsoft.com //
Microsoft is taking a proactive approach to future cybersecurity threats by integrating post-quantum cryptography (PQC) into its Windows and Linux systems. This move is designed to protect against the potential for quantum computers to break current encryption methods like RSA, which secure online communications, banking transactions, and sensitive data. Quantum computers, leveraging quantum mechanics, can solve complex problems far faster than classical computers, posing a significant threat to existing cryptographic schemes. Microsoft's initiative aims to safeguard data from a "harvest now, decrypt later" scenario, where hackers steal encrypted data today with the intent of decrypting it once quantum technology becomes advanced enough.

Microsoft's PQC implementation includes the addition of two key algorithms: ML-KEM (Module Lattice-Based Key Encapsulation Mechanism) and ML-DSA (Module Lattice-Based Digital Signature Algorithm). ML-KEM, also known as CRYSTALS-Kyber, secures key exchanges and prevents attacks by protecting the start of secure connections. ML-DSA, formerly CRYSTALS-Dilithium, ensures data integrity and authenticity through digital signatures. These algorithms are being introduced in Windows Insider builds (Canary Build 27852+) and Linux via SymCrypt-OpenSSL v1.9.0, allowing developers and organizations to begin testing and preparing for a quantum-secure future.

This update to Windows 11 is a critical step in what Microsoft views as a major technological transition. By making quantum-resistant algorithms available through SymCrypt, the core cryptographic code library in Windows, and updating SymCrypt-OpenSSL, Microsoft is enabling the widely used OpenSSL library to leverage SymCrypt for cryptographic operations. The new algorithms, selected by the National Institute of Standards and Technology (NIST), represent a move towards replacing vulnerable cryptosystems like RSA and elliptic curves. This signifies a broader effort to bolster cybersecurity against the emerging threat of quantum computing.

Recommended read:
References :
  • www.microsoft.com: FrodoKEM: A conservative quantum-safe cryptographic algorithm
  • medium.com: Welcome to the Quantum Era, where even the strongest locks we use to protect our digital lives might soon be breakable. However, don’t…
  • arstechnica.com: Here’s how Windows 11 aims to make the world safe in the post-quantum era
  • medium.com: Quantum Computing and Encryption Breakthroughs in 2025: A New Era of Innovation
  • medium.com: Cracking RSA with Fewer Qubits: What Google’s New Quantum Factoring Estimate Means for…
  • medium.com: Google’s quantum leap just changed everything: They can now break encryption 20x faster than…
  • medium.com: On August 13, 2024, the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) announced the approval of…
  • medium.com: As our world becomes increasingly interconnected, the Internet of Things (IoT) is transforming industries, homes, and entire cities. From…
  • Quantum Computing Report: Post-Quantum Cryptography Coalition (PQCC) Publishes Comprehensive Roadmap for Post-Quantum Cryptography Migration
  • www.techradar.com: Breaking encryption with quantum computers may be easier than we thought

@www.microsoft.com //
References: mfesgin.github.io, IACR News, medium.com ...
IACR News has highlighted recent advancements in post-quantum cryptography, essential for safeguarding data against future quantum computer attacks. A key area of focus is the development of algorithms and protocols that remain secure even when classical cryptographic methods become vulnerable. Among these efforts, FrodoKEM stands out as a conservative quantum-safe cryptographic algorithm, designed to provide strong security guarantees in the face of quantum computing threats.

The adaptive security of key-unique threshold signatures is also under scrutiny. Research presented by Elizabeth Crites, Chelsea Komlo, and Mary Mallere investigates the security assumptions required to prove the adaptive security of threshold signatures. Their work reveals impossibility results that highlight the difficulty of achieving adaptive security for key-unique threshold signatures, particularly for schemes compatible with standard, single-party signatures like BLS, ECDSA, and Schnorr. This research aims to guide the development of new assumptions and properties for constructing adaptively secure threshold schemes.

In related news, Muhammed F. Esgin is offering PhD and Post-Doc positions in post-quantum cryptography, emphasizing the need for candidates with a strong mathematical and cryptography background. Students at Monash University can expect to work on their research from the beginning, supported by competitive stipends and opportunities for teaching assistant roles. These academic opportunities are crucial for training the next generation of cryptographers who will develop and implement post-quantum solutions.

Recommended read:
References :
  • mfesgin.github.io: PhD and Post-Doc in Post-Quantum Cryptography
  • IACR News: Zero-Trust Post-quantum Cryptography Implementation Using Category Theory
  • medium.com: Post-Quantum Cryptography Is Arriving on Windows & Linux
  • medium.com: NIST Approves Three Post-Quantum Cryptography Standards: A Milestone for Digital Security
  • medium.com: Should Post-Quantum Cryptography Start Now? The Clock Is Ticking

@www.microsoft.com //
Microsoft is actively preparing for a future where quantum computers pose a significant threat to current encryption methods. The company is exploring Post-Quantum Cryptography (PQC) solutions, with a focus on algorithms like FrodoKEM, to bolster security on Windows and Linux platforms. This move is driven by the understanding that quantum computers, with their ability to solve complex problems exponentially faster than classical computers, could break the cryptographic backbone of today’s digital world, including systems like RSA, Diffie-Hellman, and elliptic curve cryptography. The urgency is underscored by recent advances like Microsoft’s Majorana 1, a quantum processor powered by topological qubits, which marks major steps toward practical quantum computing.

Microsoft's efforts to transition to quantum-resistant cryptographic systems include adding PQC algorithms to their core cryptography library, SymCrypt. Recently, Microsoft has taken the next step by adding PQC support to Windows Insiders (Canary Build 27852+) and to Linux through SymCrypt-OpenSSL v1.9.0. These additions allow companies and developers to start testing and preparing for a quantum-secure future, preventing a potential "harvest now, decrypt later" scenario where hackers collect encrypted data today to decrypt later using quantum computers. This proactive approach aims to safeguard digital lives against the looming quantum threat.

The new additions to Windows include ML-KEM (Module Lattice-Based Key Encapsulation Mechanism), also known as CRYSTALS-Kyber, designed for secure key exchange, and ML-DSA (Module Lattice-Based Digital Signature Algorithm), previously known as CRYSTALS-Dilithium, used for digital signatures to ensure data integrity and authenticity. NIST approved three PQC standards, called FIPS 203, 204, and 205. FIPS 203, the Module-Lattice-Based Key-Encapsulation Mechanism Standard, specifies a key encapsulation mechanism designed to protect information exchange over public networks, ensuring confidentiality even in the presence of quantum adversaries. FIPS 204, the Module-Lattice-Based Digital Signature Standard, defines a digital signature scheme that provides authentication and integrity, crucial for verifying identities and securing communications. FIPS 205, the Stateless Hash-Based Digital Signature Standard, outlines a stateless hash-based digital signature scheme, offering an alternative approach to digital signatures with strong security assurances. NIST encourages organizations to begin the transition to these new standards to ensure long-term data security.

Recommended read:
References :
  • medium.com: Welcome to the Quantum Era, where even the strongest locks we use to protect our digital lives might soon be breakable.
  • Microsoft Research: The recent advances in quantum computing offer many advantages—but also challenge current cryptographic strategies.
  • www.microsoft.com: FrodoKEM: A conservative quantum-safe cryptographic algorithm
  • arstechnica.com: Here’s how Windows 11 aims to make the world safe in the post-quantum era

@www.microsoft.com //
References: cyberinsider.com, Dan Goodin, medium.com ...
Microsoft is taking a significant step towards future-proofing cybersecurity by integrating post-quantum cryptography (PQC) into Windows Insider builds. This move aims to protect data against the potential threat of quantum computers, which could render current encryption methods vulnerable. The integration of PQC is a critical step toward quantum-resilient cybersecurity, ensuring that Windows systems can withstand attacks from more advanced computing power in the future.

Microsoft announced the availability of PQC support in Windows Insider Canary builds (27852 and above). This release allows developers and organizations to begin experimenting with PQC in real-world environments, assessing integration challenges, performance trade-offs, and compatibility. This is being done in an attempt to jump-start what’s likely to be the most formidable and important technology transition in modern history.

The urgency behind this transition stems from the "harvest now, decrypt later" threat, where malicious actors store encrypted communications today, with the intent to decrypt them once quantum computers become capable. These captured secrets, such as passwords, encryption keys, or medical data, could remain valuable to attackers for years to come. By adopting PQC algorithms, Microsoft aims to safeguard sensitive information against this future risk, emphasizing the importance of starting the transition now.

Recommended read:
References :
  • cyberinsider.com: Microsoft has begun integrating post-quantum cryptography (PQC) into Windows Insider builds, marking a critical step toward quantum-resilient cybersecurity. Microsoft announced the availability of PQC support in Windows Insider Canary builds (27852 and above). This release allows developers and organizations to begin experimenting with PQC in real-world environments, assessing integration challenges, performance trade-offs, and compatibility with …
  • Dan Goodin: Microsoft is updating Windows 11 with a set of new encryption algorithms that can withstand future attacks from quantum computers in an attempt to jump-start what’s likely to be the most formidable and important technology transition in modern history.
  • Red Hat Security: In their article on post-quantum cryptography, Emily Fox and Simo Sorce explained how Red Hat is integrating post-quantum cryptography (PQC) into our products. PQC protects confidentiality, integrity and authenticity of communication and data against quantum computers, which will make attacks on existing classic cryptographic algorithms such as RSA and elliptic curves feasible. Cryptographically relevant quantum computers (CRQCs) are not known to exist yet, but continued advances in research point to a future risk of successful attacks. While the migration to algorithms resistant against such
  • medium.com: Post-Quantum Cryptography Is Arriving on Windows & Linux
  • www.microsoft.com: The recent advances in quantum computing offer many advantages—but also challenge current cryptographic strategies. Learn how FrodoKEM could help strengthen security, even in a future with powerful quantum computers.
  • arstechnica.com: For the first time, new quantum-safe algorithms can be invoked using standard Windows APIs.

@thecyberexpress.com //
A critical security vulnerability has been discovered in OpenPGP.js, a widely used JavaScript library that implements the OpenPGP standard for email and data encryption. Tracked as CVE-2025-47934, the flaw allows attackers to spoof both signed and encrypted messages, effectively undermining the trust inherent in public key cryptography. Security researchers Edoardo Geraci and Thomas Rinsma from Codean Labs found that the vulnerability stems from the `openpgp.verify` and `openpgp.decrypt` functions, which undermines the core purpose of using public key cryptography to secure communications.

The vulnerability impacts versions 5.0.1 to 5.11.2 and 6.0.0-alpha.0 to 6.1.0 of the OpenPGP.js library. According to an advisory posted on the library's GitHub repository, a maliciously modified message can be passed to one of these functions, and the function may return a result indicating a valid signature, even if the message has not been legitimately signed. This flaw affects both inline signed messages and signed-and-encrypted messages. The advisory also states that to spoof a message, an attacker needs a single valid message signature along with the plaintext data that was legitimately signed. They can then construct a fake message that appears legitimately signed.

Users are strongly advised to upgrade to versions 5.11.3 or 6.1.1 as soon as possible to mitigate the risk. Versions 4.x are not affected by the vulnerability. While a full write-up and proof-of-concept exploit are expected to be released soon, the current advisory offers enough details to highlight the severity of the issue. The underlying problem is that OpenPGP.js trusts the signing process without properly verifying it, so message signature verification can be spoofed and users are left open to forged signed and encrypted messages.

References :
  • The Register - Software: Freshly discovered bug in OpenPGP.js undermines whole point of encrypted comms
  • thecyberexpress.com: A flaw has been discovered in OpenPGP.js, a widely used JavaScript library for OpenPGP encryption. Tracked as CVE-2025-47934, the vulnerability allows threat actors to spoof both signed and encrypted messages, effectively undermining the very foundation of trust in public key cryptography.
  • Security Affairs: A critical flaw in OpenPGP.js, tracked as CVE-2025-47934, lets attackers spoof message signatures; updates have been released to address the flaw. OpenPGP.js is an open-source JavaScript library that implements the OpenPGP standard for email and data encryption.
  • www.csoonline.com: Critical flaw in OpenPGP.js raises alarms for encrypted email services
  • www.techradar.com: Researchers found a bug that allowed malicious actors to spoof messages. Users are advised to patch up.
  • securityaffairs.com: A critical flaw in OpenPGP.js lets attackers spoof message signatures; updates have been released to address the flaw.

@medium.com //
Cryptography is a critical component in today's digital landscape, ensuring secure communication, data integrity, and user authentication across various platforms. Cryptography, or “secret writing”, has been used for centuries, evolving from ancient methods like the Caesar cipher to modern, complex algorithms. In the Ethereum blockchain, cryptography is the foundation of security, underpinning trustless transactions and immutable data accessible only to authorized users. Key areas where cryptography manifests in Ethereum include digital signatures, used as electronic stamps of authenticity, and cryptographic hashes, which serve as digital fingerprints for data. Cryptography is essential for securing data in transit, verifying identities, and safeguarding sensitive information such as passwords.

Asymmetric encryption, also known as public-key cryptography (PKC), plays a vital role in Ethereum. This method uses key pairs consisting of a public key, shared freely, and a private key, kept secret. Ethereum leverages elliptic curve cryptography, specifically the secp256k1 curve, to generate these key pairs. The scheme relies on the mathematical properties of elliptic curves over finite fields. Quantum-resistant cryptography is also gaining traction in blockchain security due to the emerging threat of quantum computers, which have the potential to break current methods like RSA and ECC. In 2025, blockchain platforms are actively testing post-quantum cryptography to ensure the long-term safety of existing data, secure smart contracts, and maintain user trust.

Quantum computing advancements pose a significant risk to current cryptographic methods. The U.S. House Committee on Science, Space, and Technology convened in May 2025 to discuss the future of the National Quantum Initiative (NQI). Industry leaders testified on the need to reauthorize and expand the NQI to maintain U.S. leadership in quantum technology. To counter the potential quantum threat to blockchain, developers are exploring quantum-resistant wallets and smart contract tools. Some new blockchains, like QANplatform and XX Network, are building with post-quantum crypto from the start. The importance of sustained investment in quantum sciences and the development of a skilled workforce were highlighted.
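To make the secp256k1 key pair relationship above concrete, here is an added example (not from the article) that derives a public key from a private key with plain BigInt arithmetic; it is for study only and uses none of the constant-time protections a real wallet library needs:

```javascript
// Added example, not from the article: deriving a secp256k1 public key
// from a private key with BigInt arithmetic, the curve Ethereum uses.
// Educational only; production wallets use audited, constant-time code.

// Curve parameters: y^2 = x^3 + 7 over GF(P), base point G of prime order N.
const P = 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2fn;
const N = 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141n;
const G = {
  x: 0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798n,
  y: 0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8n,
};

const mod = (a, m = P) => ((a % m) + m) % m;

// Square-and-multiply exponentiation; used for the inverse via Fermat
// (P is prime, so a^(P-2) = a^-1 mod P).
function modPow(base, exp, m = P) {
  let result = 1n;
  base = mod(base, m);
  while (exp > 0n) {
    if (exp & 1n) result = (result * base) % m;
    base = (base * base) % m;
    exp >>= 1n;
  }
  return result;
}
const modInv = (a) => modPow(a, P - 2n);

// Affine point addition; null represents the point at infinity.
function pointAdd(a, b) {
  if (a === null) return b;
  if (b === null) return a;
  if (a.x === b.x && a.y !== b.y) return null; // Q + (-Q) = O
  const lambda = a.x === b.x
    ? mod(3n * a.x * a.x * modInv(2n * a.y))   // tangent slope (doubling)
    : mod((b.y - a.y) * modInv(b.x - a.x));     // chord slope
  const x = mod(lambda * lambda - a.x - b.x);
  const y = mod(lambda * (a.x - x) - a.y);
  return { x, y };
}

// Double-and-add scalar multiplication: k * point.
function scalarMult(k, point = G) {
  let result = null;
  let addend = point;
  while (k > 0n) {
    if (k & 1n) result = pointAdd(result, addend);
    addend = pointAdd(addend, addend);
    k >>= 1n;
  }
  return result;
}

// Check that a point satisfies the curve equation.
function isOnCurve(pt) {
  return pt !== null && mod(pt.y * pt.y) === mod(pt.x ** 3n + 7n);
}

// Public key = privateKey * G; the scalar must lie in [1, N-1].
function publicKeyFromPrivate(privateKey) {
  if (privateKey <= 0n || privateKey >= N) throw new RangeError('private key out of range');
  return scalarMult(privateKey);
}

// Uncompressed SEC1 encoding (04 || x || y), the form Ethereum hashes to
// derive an address.
function encodeUncompressed(pt) {
  return '04' + pt.x.toString(16).padStart(64, '0') + pt.y.toString(16).padStart(64, '0');
}
```

Going from the public key back to the scalar is the elliptic curve discrete logarithm problem, which is exactly what Shor's algorithm on a sufficiently large quantum computer would solve.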


@crypto.ku.edu.tr //
Koç University's Cryptography, Security & Privacy Research Group is offering scholarships and internships in the field of cryptography, security, and privacy, including positions at the post-doctoral level. These opportunities are available for Ph.D. and M.Sc. students, as well as post-doctoral researchers interested in contributing to cutting-edge research. The project funding is specifically related to applied cryptography, with a focus on privacy-preserving and adversarial machine learning. This initiative aims to foster talent and innovation in these critical areas of computer science and engineering.

The research group is also offering summer internships to undergraduate and graduate students who want to build their research skills and are considering graduate school. The experience can help them decide whether to pursue graduate education or a research career. The program, which runs from June 30 to August 15, is open to international students. Applications opened on March 12, 2025, and the deadline is May 16, 2025.

The Koç University Summer Research Program is also open to motivated high school students. The program aims to help students experience a university environment, gather information on undergraduate areas they would like to study, and learn how to conduct academic research. Applicants must have completed Year 8. All applicants should have good academic standing and be proficient in English, as the medium of instruction is English.

References :
  • crypto.ku.edu.tr: Post-Doctoral Researcher Position at the Cryptography, Security & Privacy Research Group
  • gsse.ku.edu.tr: Ph.D. and M.Sc. Scholarships at the Cryptography, Security & Privacy Research Group
  • research.ku.edu.tr: Summer Internships on Cryptography, Security, and Privacy
  • IACR News: Summer Internships on Cryptography, Security, and Privacy
  • IACR News: Ph.D. and M.Sc. Scholarships at the Cryptography, Security & Privacy Research Group

Mohamed Abdel-Kareem@Quantum Computing Report //
References: osintteam.blog, medium.com
Recent advances in quantum computing pose a significant threat to current cryptographic systems, necessitating the development and deployment of post-quantum cryptography (PQC). Quantum computers, leveraging quantum mechanics, can perform certain calculations exponentially faster than classical computers. This capability undermines the security of widely used public key cryptography algorithms like RSA and Elliptic Curve Cryptography (ECC), which rely on the difficulty of factoring large numbers and finding discrete logarithms. Mathematician Peter Shor's algorithm demonstrated that quantum computers could break RSA encryption, spurring interest in quantum-resistant cryptography. While symmetric key algorithms like AES and hash functions are considered more robust, the vulnerability of public key cryptography demands immediate attention and transition to PQC solutions.

The Bitcoin ecosystem is actively exploring the integration of post-quantum cryptographic solutions to safeguard against potential quantum attacks. Blockstream is seeking an Applied Cryptographer to research, evaluate, and implement PQC tailored for Bitcoin's unique challenges. This includes adapting state-of-the-art PQC research to the Bitcoin domain, exploring features relevant for Bitcoin such as threshold signatures, signature aggregation, Taproot tweaking, silent payments, and HD wallets. The focus is on analyzing the implications of integrating post-quantum schemes into Bitcoin and contributing to Bitcoin Improvement Proposals (BIPs) to standardize cryptography for use in Bitcoin.

In related news, Heriot-Watt University has launched a £2.5 million Optical Ground Station (HOGS) to advance satellite-based quantum-secure communication. This facility will enable quantum key distribution (QKD) experiments with satellites, contributing to the development of a quantum-secure internet. Furthermore, U.S. Congress is considering the "Quantum Sandbox for Near-Term Applications Act" to promote the commercial advancement of quantum technology through public-private partnerships. Simultaneously, research is underway to enhance telehealth cybersecurity by integrating PQC with QKD and privacy-preserving mechanisms, ensuring data confidentiality and immutability for patient records in a post-quantum era.

References :
  • osintteam.blog: Understanding Cryptography: How Your Crypto Wallets, Apps, and NFTs Stay Secure
  • medium.com: Quantum Computing and Post-Quantum Cryptography

@medium.com //
References: medium.com, medium.com, medium.com ...
The convergence of quantum computing and cryptography is rapidly evolving, presenting both opportunities and threats to the digital landscape. EntropiQ, a startup specializing in quantum solutions, has launched Quantum Entropy as a Service (QEaaS), offering on-demand, crypto-agile quantum entropy distribution. This service is designed for critical infrastructure and integrates with existing systems via API, aligning with NIST SP 800-90 guidelines. To bolster deployment and operational validation, EntropiQ has partnered with Equinix and GIS QSP, demonstrating its platform in secure, scalable environments across various locations, including Silicon Valley and Washington, D.C.

The imminent threat posed by quantum computers to current cryptographic systems is driving the need for innovative security measures. Algorithms like RSA and ECC, which underpin much of today's digital security, are vulnerable to quantum algorithms like Shor's, which can efficiently factor large integers. This has prompted significant research into post-quantum cryptography (PQC), with solutions like SPQR-AC emerging to leverage hybrid cryptographic frameworks combining lattice-based and code-based primitives. The UK’s National Cyber Security Centre (NCSC) has issued guidance, urging organizations to plan their transition to quantum-safe cryptography by 2028 and complete migration of high-criticality systems by 2031.

Artificial intelligence (AI) is increasingly being integrated into quantum cryptography to enhance security and build resilience against emerging quantum threats. This fusion of AI and quantum-resistant encryption is aimed at protecting data in the post-quantum era, as AI can aid in developing more robust and adaptive cryptographic solutions. The NCSC's recommendations emphasize the importance of understanding the risks and taking proactive steps to secure digital infrastructure. Furthermore, the concept of "crypto agility" is gaining traction, encouraging businesses to develop the capacity to rapidly adapt encryption standards as quantum computers advance, ensuring continuous protection against evolving threats.

References :
  • medium.com: AI Meets Quantum Cryptography: Securing Our Digital Future
  • medium.com: How Quantum Computing is a Threat to Cryptography
  • medium.com: Quantum Security: The Silent Threat Coming for Your Business
  • medium.com: Blog post about Post‑Quantum Cryptography.
  • The Next Web: UK’s digital defences need ‘colossal’ overhaul for quantum era

@www.microsoft.com //
Microsoft is making significant strides in enhancing digital security and technological advancement on multiple fronts. The company is actively pushing passkeys as a simpler and safer alternative to traditional passwords. Marking the shift, Microsoft joined the FIDO Alliance in celebrating the first "World Passkey Day," and has pledged to increase the adoption of passkeys, which offer a phishing-resistant authentication method using face, fingerprint, or PIN. This initiative aims to combat the rising tide of password-based cyberattacks, which have surged to an alarming 7,000 attacks per second. Microsoft introduced Windows Hello as a way to sign into accounts without a password, and this laid the groundwork for an entirely new era of authentication.

Microsoft Vice Chair and President Brad Smith is also urging the United States and its allies to intensify their efforts in quantum computing. Smith emphasizes the increasing competition from countries like China and highlights the importance of bolstering investment, workforce development, and supply chain security to maintain U.S. technological leadership. Quantum computing promises transformative advancements in fields like medicine, energy, and national security.

In addition to its quantum efforts, Microsoft has announced new European digital commitments, recognizing the importance of trans-Atlantic ties for economic growth. These commitments include datacenter operations in 16 countries and a Digital Resilience Commitment, reflecting the company's deep economic reliance on Europe.

References :
  • thequantuminsider.com: Microsoft Leadership Urges U.S., Allies to Double Down on Quantum
  • Source: Pushing passkeys forward: Microsoft’s latest updates for simpler, safer sign-ins
  • Source: Investing in American leadership in quantum technology: the next frontier in innovation
  • www.microsoft.com: Pushing passkeys forward: Microsoft’s latest updates for simpler, safer sign-ins

@medium.com //
References: medium.com, medium.com, medium.com ...
Cryptography is at the heart of cybersecurity, playing a critical role in protecting our digital world. Encryption, the process of converting plaintext into unreadable ciphertext, ensures secure communication. Cryptography protects sensitive information such as passwords, credit card numbers, and private messages from unauthorized access. Without it, digital secrets wouldn't exist, and our texts, emails, and bank records would be easily hackable. From ancient ciphers like the Caesar cipher to modern encryption algorithms, cryptography is essential for maintaining privacy and authenticity in the digital age.

Suite25519, a modern cryptographic library, emerges as a powerful tool for securing real-world assets. Designed for simplicity, efficiency, and security, it provides cryptographic functions centered around Ed25519 and X25519. Suite25519 supports key pair generation, digital signatures, encryption/decryption via ECIES, and CBOR serialization. This lightweight library is built for developers who require cryptographic capabilities without unnecessary overhead, offering isomorphic support for both Node.js and modern browsers. It allows developers to easily generate keys, sign messages, encrypt data, and perform combined operations securely.

In the realm of decentralized asset control, Threshold BLS (tBLS) signatures are being pioneered to enhance cross-chain transaction throughput. This approach replaces complex Threshold ECDSA with a faster and simpler alternative, vastly improving the efficiency of cross-chain applications. Threshold signature schemes enable a distributed group of validators to collaboratively authorize transactions without relying on a single entity, enhancing security and resilience against malicious activity. ZetaChain is at the forefront of implementing tBLS signatures, aiming to overcome the performance limitations of existing methods and provide more secure and scalable solutions for blockchain interoperability.


@thequantuminsider.com //
Project Eleven has launched the QDay Prize, an open competition offering one Bitcoin, currently valued at around $84,000 to $85,000, to anyone who can break elliptic curve cryptography (ECC) using Shor’s algorithm on a quantum computer. This initiative aims to evaluate how close quantum computing is to undermining ECC, a widely used encryption scheme. Participants must demonstrate the ability to break ECC using Shor's algorithm, without classical shortcuts or hybrid methods, and submissions must include gate-level code and system specifications, all made publicly available for transparency.

The competition is structured around progressively larger ECC key sizes, starting from 1-bit keys, with an emphasis on demonstrating generalizable techniques that can scale to full cryptographic key lengths. The challenge, running until April 5, 2026, seeks to rigorously benchmark the real-world quantum threat to Bitcoin’s core security system. Project Eleven emphasizes that even successful attacks on small keys would be significant milestones, offering valuable insights into the security risks in modern cryptographic systems.

Participants can use publicly accessible quantum hardware or private systems, and are expected to handle error-prone qubit environments realistically, given current hardware fidelities. Breaking even a few bits of a private key would be considered a significant achievement, according to Project Eleven. The QDay Prize hopes to establish a verifiable and open marker of when practical quantum attacks against widely used encryption systems may emerge, highlighting the urgency of understanding how close current technologies are to threatening ECC security.

References :
  • thequantuminsider.com: Quantum Contest Offers 1 Bitcoin for Cracking Encryption With Shor’s Algorithm
  • Bitcoin News: Project Eleven believes this would be an extremely hard task, and achieving even a few bits of a private key would be big news.
  • Quantum Computing Report: Project Eleven (P11) has announced the QDay Prize, an open competition offering a reward of one Bitcoin (current value about $85,000) for demonstrating the ability to break elliptic curve cryptography (ECC) using Shor’s algorithm on a quantum computer.
  • quantumcomputingreport.com: Project Eleven’s QDay Prize Offers 1 Bitcoin for Breaking Elliptic Curve Cryptography Using Shor’s Algorithm

Siôn Geschwindt@The Next Web //
Quantum computing is rapidly advancing, and its potential impact on encryption security is becoming a major concern. Classical encryption methods, such as RSA and Elliptic Curve Cryptography (ECC), rely on mathematical problems that are difficult for traditional computers to solve. However, quantum algorithms, particularly Shor’s algorithm, threaten to break these systems. Shor's algorithm can efficiently factor large integers, which is the foundation of RSA, and solve the elliptic curve discrete logarithm problem (ECDLP), which underpins ECC. Project Eleven has even launched the Q-Day Prize, offering 1 Bitcoin to anyone who can crack a Bitcoin private key using Shor’s algorithm on a quantum computer, underscoring the urgency of addressing this threat.

The vulnerability of current cryptographic methods has spurred research into post-quantum cryptography (PQC). PQC focuses on developing encryption algorithms that are resistant to attacks from both classical and quantum computers. The National Institute of Standards and Technology (NIST) has already published its first set of post-quantum standards in August 2024, including algorithms like ML-KEM (Kyber) for key encapsulation and ML-DSA (Dilithium) for digital signatures. These standards are intended to be integrated into software and systems over the coming years, with the NSA’s Commercial National Security Algorithm Suite (CNSA 2.0) mandating their use in certain applications by 2030.

While commercially viable quantum computers capable of breaking current encryption are still under development, the pace of progress is accelerating. IBM and Google are among the companies racing to build larger and more powerful quantum processors. Experts estimate that a quantum computer with around 20 million physical qubits (approximately 6,000 logical qubits) could factor a 2048-bit RSA modulus in a matter of hours. This has led to a "harvest-now, decrypt-later" strategy, where adversaries collect encrypted data with the intention of decrypting it once quantum computers become powerful enough. The transition to quantum-resistant cryptography is now considered an engineering problem, requiring careful planning and implementation across various systems and infrastructures.


@thequantuminsider.com //
References: medium.com, mrtecht.medium.com
The rise of quantum computing is creating a new era of strategic competition, with nations and organizations racing to prepare for the potential disruption to modern encryption. Quantum computers, leveraging qubits that can exist in multiple states simultaneously, have the potential to break current encryption standards, revolutionize fields like medicine and finance, and reshape global power dynamics. Governments and businesses are acutely aware of this threat, with the U.S. scrambling to implement quantum-resistant cryptography and China investing heavily in quantum networks. This competition extends to technology controls, with the U.S. restricting China's access to quantum technology, mirroring actions taken with advanced semiconductors.

The urgency stems from the fact that a cryptanalytically relevant quantum computer capable of breaking common public key schemes like RSA or ECC is anticipated by 2030. To address this, the National Institute of Standards and Technology (NIST) has standardized quantum-secure algorithms and set a 2030 deadline for their implementation, alongside the deprecation of current cryptographic methods. Companies like Utimaco are launching post-quantum cryptography (PQC) application packages such as Quantum Protect for its u.trust General Purpose HSM Se-Series, enabling secure migration ahead of the quantum threat. This package supports NIST-standardized PQC algorithms like ML-KEM and ML-DSA, as well as the stateful hash-based signature schemes LMS and XMSS.

Efforts are also underway to secure blockchain technology against quantum attacks. Blockchains rely on cryptographic techniques like public-key cryptography and hashing to keep transactions secure; however, quantum computers could potentially weaken these protections. Post-quantum cryptography focuses on developing encryption methods resistant to quantum attacks. Key approaches include lattice-based cryptography, which uses complex mathematical structures that quantum computers would struggle to solve. The transition to a quantum-resistant future presents challenges, including the need for crypto-agility and the development of secure migration strategies.

References :
  • medium.com: Approaching post-quantum cryptography: an overview of the most well-known algorithms
  • mrtecht.medium.com: The Quantum Threat to Your Encryption is Coming: Understanding Post-Quantum Cryptography
  • The Quantum Insider: Utimaco Launches Post Quantum Security App Package